US-CERT Vulnerability Summary for the Week of January 29, 2024
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
60indexpage_project — 60indexpage | A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0945 [email protected] [email protected] [email protected] |
60indexpage_project — 60indexpage | A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0946 [email protected] [email protected] [email protected] |
abozain_o7abeeb_unitone — custom_dashboard_widgets | Cross-Site Request Forgery (CSRF) vulnerability in AboZain, O7abeeb, UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS). This issue affects Custom Dashboard Widgets: from n/a through 1.3.1. | 2024-01-31 | 7.1 | CVE-2024-22290 [email protected] |
aluka — ba_plus_before_&_after_image_slider_free | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aluka BA Plus – Before & After Image Slider FREE allows Reflected XSS. This issue affects BA Plus – Before & After Image Slider FREE: from n/a through 1.0.3. | 2024-01-31 | 7.1 | CVE-2024-22286 [email protected] |
andrea_tarantini — bp_profile_search | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5. | 2024-01-31 | 7.1 | CVE-2024-22293 [email protected] |
angus_johnson — resource_hacker | Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument. | 2024-01-31 | 7.3 | CVE-2024-1112 [email protected] |
apache — kylin | In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file ‘kylin.properties’, that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers to hijack the HTTP payload and get access to the content of kylin.properties and potentially the containing credentials. To avoid this threat, users are recommended to * Always turn on HTTPS so that network payload is encrypted. * Avoid putting credentials in kylin.properties, or at least not in plain text. * Use network firewalls to protect the serverside such that it is not accessible to external attackers. * Upgrade to version Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface. | 2024-01-29 | 7.5 | CVE-2023-29055 [email protected] [email protected] |
apache_software_foundation — apache_servicecomb_service-center | Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0(include). Users are recommended to upgrade to version 2.2.0, which fixes the issue. | 2024-01-31 | 7.6 | CVE-2023-44313 [email protected] [email protected] |
apachefriends — xampp | A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | 2024-02-02 | 7.3 | CVE-2024-0338 [email protected] |
apollographql — apollo-client-nextjs | apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later. | 2024-01-30 | 8.2 | CVE-2024-23841 [email protected] [email protected] |
arcadia_technology_llc — crafty_controller_4 | A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | 2024-02-03 | 7.5 | CVE-2024-1064 [email protected] |
areal_sas — topkapi_vision_(server) | SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login. | 2024-01-31 | 9.1 | CVE-2023-50356 [email protected] |
b&r_industrial_automation — automation_studio | Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | 2024-02-02 | 8.2 | CVE-2020-24681 [email protected] |
b&r_industrial_automation — automation_studio | Improper Control of Generation of Code (‘Code Injection’) vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 8.3 | CVE-2021-22282 [email protected] |
b&r_industrial_automation — automation_studio | Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | 2024-02-02 | 7.2 | CVE-2020-24682 [email protected] |
bi_excellence_software — openbi | A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307. | 2024-01-30 | 7.3 | CVE-2024-1032 [email protected] [email protected] [email protected] |
bi_excellence_software — openbi | A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability. | 2024-01-30 | 7.3 | CVE-2024-1034 [email protected] [email protected] [email protected] |
bi_excellence_software — openbi | A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability. | 2024-01-30 | 7.3 | CVE-2024-1035 [email protected] [email protected] [email protected] |
bi_excellence_software — openbi | A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311. | 2024-01-30 | 7.3 | CVE-2024-1036 [email protected] [email protected] [email protected] |
biges — vg-4c1a-lru_firmware | Path Traversal: ‘/../filedir’ vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | 2024-01-26 | 7.5 | CVE-2023-6919 [email protected] |
bosscms — bosscms | Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. | 2024-01-30 | 7.8 | CVE-2024-22938 [email protected] [email protected] [email protected] |
bradley_b_dalina — image_tag_manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bradley B. Dalina Image Tag Manager allows Reflected XSS. This issue affects Image Tag Manager: from n/a through 1.5. | 2024-01-31 | 7.1 | CVE-2024-22160 [email protected] |
broadcom — symantec_data_center_security_server | A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | 2024-01-26 | 8.8 | CVE-2024-23617 [email protected] |
broadcom — symantec_deployment_solutions | A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | 2024-01-26 | 9.8 | CVE-2024-23613 [email protected] |
broadcom — symantec_messaging_gateway | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 2024-01-26 | 9.8 | CVE-2024-23614 [email protected] |
broadcom — symantec_messaging_gateway | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 2024-01-26 | 9.8 | CVE-2024-23615 [email protected] |
broadcom — symantec_server_management_suite | A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | 2024-01-26 | 9.8 | CVE-2024-23616 [email protected] |
byzoro — smart_s210_firmware | A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0939 [email protected] [email protected] [email protected] |
cisco — unified_communications_manager | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. | 2024-01-26 | 10 | CVE-2024-20253 [email protected] |
commscope — arris_surfboard_sbg6950ac2_firmware | An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | 2024-01-26 | 9.8 | CVE-2024-23618 [email protected] |
cozmoslabs — profile_builder | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | 2024-01-31 | 8.8 | CVE-2024-22140 [email protected] |
crafatar — crafatar | Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5. | 2024-02-01 | 7.5 | CVE-2024-24756 [email protected] [email protected] [email protected] |
cups_easy — cups_easy_(purchase_&_inventory) | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-02-02 | 7.1 | CVE-2024-23895 [email protected] |
cybernetikz — post_views_stats | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cybernetikz Post views Stats allows Reflected XSS. This issue affects Post views Stats: from n/a through 1.3. | 2024-01-31 | 7.1 | CVE-2024-22289 [email protected] |
dassault_systmes — biovia_materials_studio_products | An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution. | 2024-02-01 | 8.8 | CVE-2023-6078 [email protected] |
degamisu — open-irs | open-irs is an issue response robot that responds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets. | 2024-02-02 | 7.6 | CVE-2024-24757 [email protected] |
delhivery — logistics_courier | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a through 1.0.107. | 2024-01-27 | 8.8 | CVE-2024-22283 [email protected] |
dell — bsafe_crypto-c_micro_edition | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 2024-02-02 | 7.4 | CVE-2020-29504 [email protected] |
dell — bsafe_crypto-j | Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-02 | 9.1 | CVE-2022-34381 [email protected] |
dell — powerscale_onefs | Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | 2024-02-01 | 7.8 | CVE-2024-22449 [email protected] |
discord — discord | An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | 2024-01-28 | 9.8 | CVE-2024-23739 [email protected] |
dlink — dap-1650_firmware | A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 2024-01-26 | 9.8 | CVE-2024-23624 [email protected] |
dlink — dap-1650_firmware | A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 2024-01-26 | 9.8 | CVE-2024-23625 [email protected] |
dlink — dir-816_a2_firmware | A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139. | 2024-01-26 | 9.8 | CVE-2024-0921 [email protected] [email protected] [email protected] |
doracms — doracms | DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | 2024-01-29 | 9.8 | CVE-2023-51840 [email protected] [email protected] [email protected] |
elise_bosse — frontpage_manager_plugin | Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager. This issue affects Frontpage Manager: from n/a through 1.3. | 2024-01-31 | 8.8 | CVE-2024-22285 [email protected] |
ffmpeg — ffmpeg | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | 2024-01-27 | 9.8 | CVE-2024-22860 [email protected] [email protected] |
ffmpeg — ffmpeg | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | 2024-01-27 | 9.8 | CVE-2024-22862 [email protected] [email protected] |
ffmpeg — ffmpeg | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | 2024-01-27 | 7.5 | CVE-2024-22861 [email protected] |
flink-extended — aiflow | A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability. | 2024-01-27 | 9.8 | CVE-2024-0960 [email protected] [email protected] [email protected] [email protected] |
forcepoint — f|one_smartedge_agent | Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass. This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554. | 2024-01-29 | 8.4 | CVE-2023-1705 [email protected] |
gessler_gmbh — web-master | Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. | 2024-02-01 | 9.8 | CVE-2024-1039 [email protected] |
getkap — kap | An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | 2024-01-28 | 9.8 | CVE-2024-23740 [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | 2024-01-26 | 9.9 | CVE-2024-0402 [email protected] [email protected] |
gnome — gdkpixbuf | In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. | 2024-01-26 | 7.8 | CVE-2022-48622 [email protected] |
gnu — glibc | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | 2024-01-31 | 7.8 | CVE-2023-6246 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
hitachi — hitachi_storage_plug-in_for_vmware_vcenter | Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2. | 2024-01-30 | 7.9 | CVE-2024-21840 [email protected] |
honeywell — controledge_uoc | An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-01-30 | 9.1 | CVE-2023-5389 [email protected] [email protected] |
hyper — hyper | An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | 2024-01-28 | 9.8 | CVE-2024-23741 [email protected] |
ibm — cloud_pak_system | IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733. | 2024-02-02 | 7.5 | CVE-2023-38273 [email protected] [email protected] |
ibm — merge_efilm_workstation | A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | 2024-01-26 | 9.8 | CVE-2024-23619 [email protected] |
ibm — merge_efilm_workstation | A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | 2024-01-26 | 9.8 | CVE-2024-23621 [email protected] |
ibm — merge_efilm_workstation | A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | 2024-01-26 | 9.8 | CVE-2024-23622 [email protected] |
ibm — merge_efilm_workstation | An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. | 2024-01-26 | 7.8 | CVE-2024-23620 [email protected] |
ibm — operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. | 2024-02-02 | 9.8 | CVE-2024-22320 [email protected] [email protected] |
ibm — operational_decision_manager | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145. | 2024-02-02 | 8.1 | CVE-2024-22319 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130. | 2024-02-02 | 9.8 | CVE-2023-50940 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | 2024-02-02 | 8.8 | CVE-2023-50936 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107. | 2024-02-02 | 7.5 | CVE-2023-50326 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117. | 2024-02-02 | 7.5 | CVE-2023-50937 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. | 2024-02-02 | 7.5 | CVE-2023-50939 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. | 2024-02-03 | 8.3 | CVE-2023-31004 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154. | 2024-02-03 | 7.3 | CVE-2023-43016 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. | 2024-02-03 | 7.5 | CVE-2023-30999 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783. | 2024-02-03 | 7.1 | CVE-2023-32327 [email protected] [email protected] |
ibm — soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | 2024-02-02 | 8.1 | CVE-2023-38019 [email protected] [email protected] |
ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270. | 2024-02-02 | 10 | CVE-2023-47143 [email protected] [email protected] |
ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization’s local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | 2024-02-02 | 7.5 | CVE-2023-47142 [email protected] [email protected] |
imagesourcecontrol — image_source_control | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions.This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0. | 2024-01-27 | 7.5 | CVE-2023-52187 [email protected] |
instawp_team — instawp_connect_1-click_wp_staging_&_migration | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 2024-01-31 | 8.5 | CVE-2024-23507 [email protected] |
issabel — pbx | A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0986 [email protected] [email protected] [email protected] |
ivanti — connect_secure | A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | 2024-01-31 | 8.8 | CVE-2024-21888 [email protected] |
ivanti — connect_secure | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | 2024-01-31 | 8.2 | CVE-2024-21893 [email protected] |
jeremiahorem — custom_user_css | The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-29 | 8.8 | CVE-2023-6391 [email protected] [email protected] |
kihron — serverrpexposer | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | 2024-02-02 | 8.8 | CVE-2024-22779 [email protected] [email protected] [email protected] |
kuerp_project — kuerp | A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0987 [email protected] [email protected] [email protected] |
kuerp_project — kuerp | A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-252253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0988 [email protected] [email protected] [email protected] |
kuerp_project — kuerp | A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0989 [email protected] [email protected] [email protected] |
kunal_nagar — custom_404_pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS. This issue affects Custom 404 Pro: from n/a through 3.10.0. | 2024-02-01 | 7.1 | CVE-2023-51540 [email protected] |
latchset — pkcs11-provider | A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption. | 2024-01-30 | 8.1 | CVE-2023-6258 [email protected] [email protected] |
ledgersmb — ledgersmb | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin’s consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | 2024-02-02 | 7.5 | CVE-2024-23831 [email protected] [email protected] |
libcoap — libcoap | A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability. | 2024-01-27 | 7.8 | CVE-2024-0962 [email protected] [email protected] [email protected] [email protected] [email protected] |
linux — glibc | An off-by-one heap-based buffer overflow was found in the __vsyslog_uffer size to store the message, resulting iinternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the bn an application crash. This issue affects glibc 2.37 and newer. | 2024-01-31 | 8.2 | CVE-2023-6779 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
linux — kernel | Transmit requests in Xen’s virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. | 2024-01-29 | 7.5 | CVE-2023-46838 [email protected] [email protected] [email protected] |
linux — kernel | A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. | 2024-01-28 | 7.5 | CVE-2023-6200 [email protected] [email protected] [email protected] |
linux — kernel | A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 2024-01-28 | 7.8 | CVE-2024-0841 [email protected] [email protected] |
linux — kernel | A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7. | 2024-01-31 | 7.8 | CVE-2024-1085 [email protected] [email protected] |
linux — kernel | A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 2024-01-31 | 7.8 | CVE-2024-1086 [email protected] [email protected] |
loom — loom | An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | 2024-01-28 | 9.8 | CVE-2024-23742 [email protected] |
lud?k_melichar — better_anchor_links | Cross-Site Request Forgery (CSRF) vulnerability in Lud?k Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5. | 2024-01-31 | 7.1 | CVE-2024-22287 [email protected] |
machinesense — feverwarn | The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication. | 2024-02-01 | 10 | CVE-2023-49617 [email protected] [email protected] |
machinesense — feverwarn | Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | 2024-02-01 | 9.1 | CVE-2023-46706 [email protected] [email protected] |
machinesense — feverwarn | MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device’s web services and compromise the device. | 2024-02-01 | 8.8 | CVE-2023-47867 [email protected] [email protected] |
machinesense — feverwarn | MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack. | 2024-02-01 | 8.1 | CVE-2023-49610 [email protected] [email protected] |
machinesense — feverwarn | MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users. | 2024-02-01 | 7.5 | CVE-2023-49115 [email protected] [email protected] |
machinesense — feverwarn | The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more. | 2024-02-01 | 7.7 | CVE-2023-6221 [email protected] [email protected] |
mailcow — mailcow-dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`. | 2024-02-02 | 8.8 | CVE-2024-24760 [email protected] [email protected] |
manageengine — adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | 2024-02-02 | 8.3 | CVE-2024-0253 0fc0942c-577d-436f-ae8e-945763c79b02 |
manageengine — adaudit_plus | ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | 2024-02-02 | 8.3 | CVE-2024-0269 0fc0942c-577d-436f-ae8e-945763c79b02 |
marcomilesi — browser_theme_color | Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3. | 2024-01-31 | 8.8 | CVE-2024-22291 [email protected] |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5. | 2024-02-01 | 9.4 | CVE-2024-23832 [email protected] [email protected] [email protected] |
metagauss — registrationmagic_custom_registration_forms_user_registration_payment_and_user_login | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1. | 2024-02-01 | 7.1 | CVE-2023-51509 [email protected] |
michael_torbert — simplemap_store_locator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS. This issue affects SimpleMap Store Locator: from n/a through 2.6.1. | 2024-01-31 | 7.1 | CVE-2024-22282 [email protected] |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-26 | 9.6 | CVE-2024-21326 [email protected] |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-26 | 8.3 | CVE-2024-21385 [email protected] |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-02-02 | 8.3 | CVE-2024-21399 [email protected] |
minio — minio | MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z. | 2024-01-31 | 8.8 | CVE-2024-24747 [email protected] [email protected] [email protected] |
mitsubishi_electric_corporation — ezsocket | Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’) vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | 2024-01-30 | 9.8 | CVE-2023-6943 [email protected] [email protected] [email protected] |
mitsubishi_electric_corporation — ezsocket | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally. | 2024-01-30 | 7.5 | CVE-2023-6942 [email protected] [email protected] [email protected] |
moby — buildkit | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN –mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN –mount feature. | 2024-01-31 | 10 | CVE-2024-23652 [email protected] [email protected] [email protected] |
moby — buildkit | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with –mount=type=cache,source=… options. | 2024-01-31 | 8.7 | CVE-2024-23651 [email protected] [email protected] [email protected] |
moby — buildkit | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. | 2024-01-31 | 9.8 | CVE-2024-23653 [email protected] [email protected] [email protected] |
modernasistemas — modernanet_hospital_management_system_2024 | The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system’s handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information. | 2024-01-29 | 7.5 | CVE-2024-23747 [email protected] [email protected] |
motorola — mr2600_firmware | A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 8.8 | CVE-2024-23626 [email protected] |
motorola — mr2600_firmware | A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 8.8 | CVE-2024-23627 [email protected] |
motorola — mr2600_firmware | A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 8.8 | CVE-2024-23628 [email protected] |
motorola — mr2600_firmware | An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. | 2024-01-26 | 8.8 | CVE-2024-23630 [email protected] |
motorola — mr2600_firmware | An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. | 2024-01-26 | 7.5 | CVE-2024-23629 [email protected] |
national_keep_cyber_security_services — cybermath | Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath from v.1.4 before v.1.5. | 2024-02-02 | 9.8 | CVE-2023-6675 [email protected] |
national_keep_cyber_security_services — cybermath | Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery.This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 8.8 | CVE-2023-6676 [email protected] |
network — network | Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on. | 2024-01-30 | 7.3 | CVE-2024-21488 [email protected] [email protected] [email protected] [email protected] [email protected] |
nginx-ui — nginx-ui | Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12. | 2024-01-29 | 8.8 | CVE-2024-23828 [email protected] |
nginx-ui — nginx-ui | Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It’s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue. | 2024-01-29 | 9.8 | CVE-2024-23827 [email protected] |
niushop — b2b2c_multi-business | A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0933 [email protected] [email protected] [email protected] |
notion — notion | An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | 2024-01-28 | 9.8 | CVE-2024-23743 [email protected] |
ontap_9 — ontap_9 | ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS). | 2024-01-26 | 7.6 | CVE-2024-21985 [email protected] |
openbi — openbi | A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471. | 2024-01-31 | 9.8 | CVE-2024-1113 [email protected] [email protected] [email protected] |
openbi — openbi | A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472. | 2024-01-31 | 9.8 | CVE-2024-1114 [email protected] [email protected] [email protected] |
openbi — openbi | A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability. | 2024-01-31 | 9.8 | CVE-2024-1115 [email protected] [email protected] [email protected] |
openbi — openbi | A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability. | 2024-01-31 | 9.8 | CVE-2024-1116 [email protected] [email protected] [email protected] |
openbi — openbi | A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475. | 2024-01-31 | 9.8 | CVE-2024-1117 [email protected] [email protected] [email protected] |
opencontainers — runc | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (“attack 2”). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (“attack 1”). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (“attack 3a” and “attack 3b”). runc 1.1.12 includes patches for this issue. | 2024-01-31 | 8.6 | CVE-2024-21626 [email protected] [email protected] [email protected] [email protected] [email protected] |
openharmony — openharmony | in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. | 2024-02-02 | 8.2 | CVE-2024-21860 [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | 9.8 | CVE-2023-38317 [email protected] [email protected] [email protected] [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | 9.8 | CVE-2023-38318 [email protected] [email protected] [email protected] [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | 9.8 | CVE-2023-38319 [email protected] [email protected] [email protected] [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | 9.8 | CVE-2023-38323 [email protected] [email protected] [email protected] [email protected] |
opentext — appbuilder | Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2. | 2024-01-29 | 7.5 | CVE-2023-4550 [email protected] |
opentext — appbuilder | Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder’s Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2. | 2024-01-29 | 7.2 | CVE-2023-4551 [email protected] |
otrs — otrs | Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1. | 2024-01-29 | 9.8 | CVE-2024-23790 [email protected] |
otrs — otrs | Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. | 2024-01-29 | 7.5 | CVE-2024-23791 [email protected] |
owasp_modsecurity — modsecurity | ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability. | 2024-01-30 | 8.6 | CVE-2024-1019 [email protected] |
panterasoft — hdd_health | Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-1201 [email protected] |
pegasystems — pega_platform | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generted PDF issue that could expose file contents. | 2024-01-31 | 8.5 | CVE-2023-50165 [email protected] |
ping_identity — pingdirectory | Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server. | 2024-02-01 | 7.7 | CVE-2023-36496 [email protected] [email protected] [email protected] |
postman — postman | An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | 2024-01-28 | 9.8 | CVE-2024-23738 [email protected] |
progress_software — telerik_justdecompile | In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | 2024-01-31 | 7.8 | CVE-2024-0219 [email protected] [email protected] |
progress_software — telerik_reporting | In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | 2024-01-31 | 7.8 | CVE-2024-0832 [email protected] [email protected] |
progress_software — telerik_test_studio | In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | 2024-01-31 | 7.8 | CVE-2024-0833 [email protected] [email protected] |
qnap_systems_inc — qts | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 8.8 | CVE-2023-47568 [email protected] |
qnap_systems_inc. — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 9 | CVE-2023-45025 [email protected] |
qnap_systems_inc — photo_station | An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later | 2024-02-02 | 7.4 | CVE-2023-47562 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 8.8 | CVE-2023-39297 [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | 2024-02-02 | 9.8 | CVE-2024-21764 [email protected] [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution. | 2024-02-01 | 8.8 | CVE-2024-21852 [email protected] [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. | 2024-02-02 | 7.8 | CVE-2024-22016 [email protected] [email protected] |
razormist — employee_management_system | A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252276. | 2024-01-29 | 7.2 | CVE-2024-1007 [email protected] [email protected] [email protected] |
razormist — employee_management_system | A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability. | 2024-01-29 | 7.2 | CVE-2024-1008 [email protected] [email protected] [email protected] |
remyandrade — daily_habit_tracker | Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter ‘tracker.’ | 2024-01-29 | 7.2 | CVE-2024-24140 [email protected] |
remyandrade — login_system_with_email_verification | Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the ‘user’ parameter. | 2024-01-29 | 7.2 | CVE-2024-24139 [email protected] |
remyandrade — school_task_manager | Sourcecodester School Task Manager App 1.0 allows SQL Injection via the ‘task’ parameter. | 2024-01-29 | 9.8 | CVE-2024-24141 [email protected] |
rockwell_automation — controllogix | A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF. | 2024-01-31 | 8.6 | CVE-2024-21916 [email protected] |
rockwell_automation — factorytalk_service_platform | A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication. | 2024-01-31 | 9.8 | CVE-2024-21917 [email protected] |
se-elektronicgmbh — e-ddc3.3_firmware | Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device. | 2024-01-29 | 9.8 | CVE-2024-1015 [email protected] [email protected] |
se-elektronicgmbh — e-ddc3.3_firmware | Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets. | 2024-01-29 | 7.5 | CVE-2024-1014 [email protected] [email protected] |
shanxi_diankeyun_technology — noderp | A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 7.3 | CVE-2024-1006 [email protected] [email protected] [email protected] |
shield_security — shield_security_smart_bot_blocking_&_intrusion_prevention_security | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS. This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from n/a through 18.5.7. | 2024-01-31 | 7.1 | CVE-2024-22163 [email protected] |
silabs.com — gsdk | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | 2024-02-02 | 7.5 | CVE-2023-6387 [email protected] [email protected] |
sourcecodester — employee_management_system | A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability. | 2024-01-29 | 7.3 | CVE-2024-1009 [email protected] [email protected] [email protected] |
sourcecodester — testimonial_page_manager | A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695. | 2024-02-02 | 7.3 | CVE-2024-1197 [email protected] [email protected] |
splunk — splunk_add-on_builder | In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | 2024-01-30 | 8.2 | CVE-2023-46230 [email protected] |
splunk — splunk_add-on_builder | An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 (2024/01/04) and later Qsync Central 4.3.0.11 (2024/01/11) and later | 2024-02-02 | 8 | CVE-2023-47564 [email protected] |
standford — gibsonenv | A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204. | 2024-01-27 | 9.8 | CVE-2024-0959 [email protected] [email protected] [email protected] [email protected] |
statamic — cms | Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the “copy password reset link” feature may be exploited to gain access to a user’s password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled. | 2024-02-01 | 8.2 | CVE-2024-24570 [email protected] |
tanstack — query | TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later. | 2024-01-30 | 8.2 | CVE-2024-24558 [email protected] [email protected] |
tenda — ac10u_firmware | A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0924 [email protected] [email protected] [email protected] |
tenda — i6_firmware | A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.9(3857). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component httpd. The manipulation of the argument ping1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0990 [email protected] [email protected] [email protected] |
tenda — i6_firmware | A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0991 [email protected] [email protected] [email protected] |
tenda — i6_firmware | A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0992 [email protected] [email protected] [email protected] |
tenda — i6_firmware | A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0993 [email protected] [email protected] [email protected] |
tenda — i9_firmware | A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0996 [email protected] [email protected] [email protected] |
tenda — w6_firmware | A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0994 [email protected] [email protected] [email protected] |
tenda — w6_firmware | A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-0995 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0922 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0923 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0925 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0926 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0927 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0928 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0929 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0930 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0931 [email protected] [email protected] [email protected] |
tendacn — ac10u_firmware | A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0932 [email protected] [email protected] [email protected] |
tongda2000 — office_anywhere_2017 | A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0938 [email protected] [email protected] [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | 2024-01-30 | 9.8 | CVE-2024-24325 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | 2024-01-30 | 9.8 | CVE-2024-24326 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | 2024-01-30 | 9.8 | CVE-2024-24327 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. | 2024-01-30 | 9.8 | CVE-2024-24328 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. | 2024-01-30 | 9.8 | CVE-2024-24329 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | 2024-01-30 | 9.8 | CVE-2024-24330 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | 2024-01-30 | 9.8 | CVE-2024-24331 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | 2024-01-30 | 9.8 | CVE-2024-24332 [email protected] |
totolink — a3300r_firmware | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | 2024-01-30 | 9.8 | CVE-2024-24333 [email protected] |
totolink — a8000ru_firmware | TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | 2024-01-30 | 9.8 | CVE-2024-24324 [email protected] |
totolink — n200re_firmware | A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 9.8 | CVE-2024-1001 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 8.8 | CVE-2024-0997 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 8.8 | CVE-2024-0998 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument eTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 8.8 | CVE-2024-0999 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252269 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 8.8 | CVE-2024-1000 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 8.8 | CVE-2024-1002 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 8.8 | CVE-2024-1003 [email protected] [email protected] [email protected] |
totolink — n200re_firmware | A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 7.2 | CVE-2024-1004 [email protected] [email protected] [email protected] |
trendnet — tew-800mb_firmware | A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0918 [email protected] [email protected] [email protected] |
trendnet — tew-815dap_firmware | A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0919 [email protected] [email protected] [email protected] |
trendnet — tew-822dre_firmware | A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0920 [email protected] [email protected] [email protected] |
trendnet — tew-824dru_firmware | An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows local unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. | 2024-01-26 | 7.8 | CVE-2024-22545 [email protected] |
urql_graphql — urql | urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1 | 2024-01-30 | 7.2 | CVE-2024-24556 [email protected] [email protected] |
van_der_schaar_lab — synthcity | A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | 2024-01-26 | 9.8 | CVE-2024-0937 [email protected] [email protected] [email protected] [email protected] |
vanderschaarlab — temporai | A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | 2024-01-26 | 8.8 | CVE-2024-0936 [email protected] [email protected] [email protected] [email protected] |
vantage6 — vantage6 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0. | 2024-01-30 | 8.8 | CVE-2024-21649 [email protected] [email protected] |
vyperlang — vyper | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren’t literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array. | 2024-02-01 | 9.8 | CVE-2024-24561 [email protected] [email protected] [email protected] |
willyxj — facilemanager | facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges. | 2024-01-31 | 8.8 | CVE-2024-24573 [email protected] [email protected] |
wordpress — wordpress | The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-29 | 8.8 | CVE-2023-6390 [email protected] [email protected] |
wordpress — wordpress | The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-29 | 8.8 | CVE-2023-6946 [email protected] [email protected] |
wordpress — wordpress | The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-29 | 8.8 | CVE-2023-7074 [email protected] [email protected] |
wordpress — wordpress | The ‘HTML5 Video Player’ WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the ‘id’ parameter in the ‘get_view’ function. | 2024-01-30 | 8.6 | CVE-2024-1061 [email protected] |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail for WordPress. This issue affects FreshMail for WordPress: from n/a through 2.3.2. | 2024-01-31 | 8.8 | CVE-2024-22304 [email protected] |
wordpress — wordpress | The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to ‘activated’ which could lead to DoS when using a specific option name | 2024-01-29 | 7.1 | CVE-2023-6279 [email protected] |
wordpress — wordpress | The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the ‘view_page’ function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-01-31 | 7.2 | CVE-2024-1069 [email protected] [email protected] [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8. | 2024-01-31 | 7.1 | CVE-2024-22159 [email protected] |
wordpress — wordpress | Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36. | 2024-01-31 | 7.5 | CVE-2024-22305 [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17. | 2024-01-31 | 7.1 | CVE-2024-23508 [email protected] |
wp_lab — wp-lister_lite_for_ebay | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7. | 2024-01-31 | 7.1 | CVE-2024-22307 [email protected] |
wp_spell_check — wp_spell_check | Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17. | 2024-01-31 | 8.8 | CVE-2024-22143 [email protected] |
wpovernight — woocommerce_pdf_invoices_&_packing_slips | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce. This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5. | 2024-01-27 | 7.2 | CVE-2024-22147 [email protected] |
wpzoom — shortcodes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPZOOM Shortcodes allows Reflected XSS. This issue affects WPZOOM Shortcodes: from n/a through 1.0.1. | 2024-01-31 | 7.1 | CVE-2024-22162 [email protected] |
xxyopen — novel-plus | A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 9.8 | CVE-2024-0941 [email protected] [email protected] [email protected] |
ypopsemail — ypops\! | The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558. | 2024-01-29 | 7.5 | CVE-2024-24736 [email protected] |
zyxel — nas326_firmware | The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15) C0 and NAS542 firmware versions through V5.21(ABAG.12) C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface. | 2024-01-30 | 7.2 | CVE-2023-5372 [email protected] |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aam — advanced_access_manager_restricted_content_users_&_roles_enhanced_security_and_more | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | 2024-02-01 | 6.5 | CVE-2023-51674 [email protected] |
advanced_iframe — advanced_iframe | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.8. | 2024-02-01 | 6.5 | CVE-2023-51690 [email protected] |
aio_libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability. | 2024-01-29 | 6.5 | CVE-2024-23829 [email protected] [email protected] [email protected] [email protected] |
aio_libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow symbolic links outside the static root directory. When ‘follow_symlinks’ is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. | 2024-01-29 | 5.9 | CVE-2024-23334 [email protected] [email protected] [email protected] [email protected] |
aitangbao — springboot-manager | springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. | 2024-02-01 | 5.4 | CVE-2024-24059 [email protected] |
aitangbao — springboot-manager | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. | 2024-02-01 | 5.4 | CVE-2024-24060 [email protected] |
aitangbao — springboot-manager | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. | 2024-02-01 | 5.4 | CVE-2024-24061 [email protected] |
aitangbao — springboot-manager | springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. | 2024-02-01 | 5.4 | CVE-2024-24062 [email protected] |
anchore — stereoscope | stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope. | 2024-01-31 | 5.3 | CVE-2024-24579 [email protected] [email protected] |
apache_software_foundation — apache_servicecomb_service-center | Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the issue. | 2024-01-31 | 5.8 | CVE-2023-44312 [email protected] [email protected] |
appleple — a-blog_cms | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product. | 2024-01-28 | 5.4 | CVE-2024-23782 [email protected] [email protected] |
appwrite — appwrite | Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the ‘/v1/avatars/favicon’ endpoint due to an incomplete fix of CVE-2023-27159. | 2024-01-30 | 5.3 | CVE-2024-1063 [email protected] |
areal_sas — webserv1 | A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users. | 2024-01-31 | 4.6 | CVE-2023-50357 [email protected] |
artios_media — product_code_for_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS. This issue affects Product Code for WooCommerce: from n/a through 1.4.4. | 2024-02-01 | 6.5 | CVE-2023-51669 [email protected] |
b&r_industrial_automation — automation_studio | Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12. | 2024-02-02 | 6.3 | CVE-2021-22281 [email protected] |
bi_excellence_software — openbi | A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. | 2024-02-03 | 6.3 | CVE-2024-1198 [email protected] [email protected] [email protected] |
bi_excellence_software — openbi | A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308. | 2024-01-30 | 4.3 | CVE-2024-1033 [email protected] [email protected] [email protected] |
brave — brave_create_popup_optins_lead_generation_survey_sticky_elements_&_interactive_content | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2. | 2024-02-01 | 5.9 | CVE-2023-51534 [email protected] |
brefphp — bref | Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.13. | 2024-02-01 | 6.5 | CVE-2024-24752 [email protected] [email protected] |
brefphp — bref | Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13. | 2024-02-01 | 4.8 | CVE-2024-24753 [email protected] [email protected] |
cisco — multiple_products | A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices. | 2024-01-26 | 5.8 | CVE-2024-20263 [email protected] |
cisco — unity_connection | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2024-01-26 | 4.8 | CVE-2024-20305 [email protected] |
codeastro — employee_task_management_system | A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. | 2024-02-03 | 5.4 | CVE-2024-1199 [email protected] [email protected] [email protected] |
codeboxr — cbx_map_for_google_map_&_openstreetmap | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11. | 2024-01-31 | 6.5 | CVE-2024-22297 [email protected] |
codeboxr_team — cbx_bookmark_&_favorite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codeboxr Team CBX Bookmark & Favorite allows Stored XSS. This issue affects CBX Bookmark & Favorite: from n/a through 1.7.13. | 2024-02-01 | 6.5 | CVE-2023-51514 [email protected] |
cogites — ereserv | A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability. | 2024-01-30 | 6.1 | CVE-2024-1026 [email protected] [email protected] |
cogites — ereserv | A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux”><script>alert(‘XSS’)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability. | 2024-01-30 | 6.1 | CVE-2024-1029 [email protected] [email protected] |
crate — crate | CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1. | 2024-01-30 | 5.7 | CVE-2024-24565 [email protected] [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23856 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23857 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23858 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23859 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23860 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23861 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23862 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23863 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23864 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23865 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23866 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23867 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23868 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23869 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23870 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23871 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23872 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23873 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23874 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23875 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23876 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23877 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23878 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23879 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23880 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23881 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23882 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23883 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23884 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23885 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23886 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23887 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23888 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23889 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23890 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23891 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23892 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23893 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23894 [email protected] |
cups_easy — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23896 [email protected] |
dassault_systems — delmia_apriso | An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso Release 2019 through Release 2024 | 2024-02-01 | 4.4 | CVE-2024-0935 [email protected] |
dearhive — pdf_viewer_&_3d_pdf_flipbook_dearpdf | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS. This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38. | 2024-01-31 | 6.5 | CVE-2024-23505 [email protected] |
dell — bsafe_micro_edition_suite | Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 2024-02-02 | 5.9 | CVE-2021-21575 [email protected] |
dell — powerscale_onefs | Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. | 2024-02-01 | 5.5 | CVE-2024-22430 [email protected] |
delower — wp_to_do | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Delower WP To Do allows Stored XSS. This issue affects WP To Do: from n/a through 1.2.8. | 2024-01-31 | 6.5 | CVE-2024-22292 [email protected] |
devolutions — remote_desktop_manager | Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. | 2024-01-31 | 5.4 | CVE-2024-0589 [email protected] |
discourse — discourse | Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. | 2024-01-30 | 6.3 | CVE-2024-23834 [email protected] [email protected] [email protected] [email protected] |
discourse — discourse | discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret. | 2024-02-01 | 4.3 | CVE-2024-24755 [email protected] [email protected] |
droitthemes — droit_elementor_addons_widgets_blocks_templates_library_for_elementor_builder | Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5. | 2024-01-31 | 4.3 | CVE-2024-22136 [email protected] |
easy_digital_downloads — easy_digital_downloads_sell_digital_files_ecommerce_store_&_payments_made_easy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5. | 2024-02-01 | 6.5 | CVE-2023-51684 [email protected] |
epiphyt — embed_privacy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Epiphyt Embed Privacy allows Stored XSS. This issue affects Embed Privacy: from n/a through 1.8.0. | 2024-02-01 | 6.5 | CVE-2023-51694 [email protected] |
eyoucms — eyoucms | Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 2024-02-01 | 6.1 | CVE-2024-22927 [email protected] |
eyoucms — eyoucms | Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 2024-02-01 | 6.1 | CVE-2024-23031 [email protected] |
eyoucms — eyoucms | Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 2024-02-01 | 6.1 | CVE-2024-23032 [email protected] |
eyoucms — eyoucms | Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 2024-02-01 | 6.1 | CVE-2024-23033 [email protected] |
eyoucms — eyoucms | Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | 2024-02-01 | 6.1 | CVE-2024-23034 [email protected] |
fahad_mahmood_&_alexandre_faustino — stock_locations_for_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS. This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9. | 2024-01-31 | 5.9 | CVE-2024-22153 [email protected] |
flexera — installshield | A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | 2024-01-26 | 5.5 | CVE-2023-29081 [email protected] |
formzu_inc — formzu_wp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.7. | 2024-01-31 | 6.5 | CVE-2024-22310 [email protected] |
gabriels — ftp_server | A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287. | 2024-01-29 | 5.3 | CVE-2024-1017 [email protected] [email protected] [email protected] [email protected] |
gessler_gmbh — web_master | Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. | 2024-02-01 | 4.4 | CVE-2024-1040 [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. | 2024-01-26 | 6.5 | CVE-2023-6159 [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | 2024-01-26 | 5.3 | CVE-2023-5612 [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. | 2024-01-26 | 5.4 | CVE-2023-5933 [email protected] [email protected] [email protected] |
gitlab — gitlab | An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | 2024-01-26 | 4.3 | CVE-2024-0456 [email protected] [email protected] |
glpi_project — glpi | GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12. | 2024-02-01 | 6.5 | CVE-2024-23645 [email protected] [email protected] [email protected] [email protected] |
glpi_project — glpi | GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12. | 2024-02-01 | 5.9 | CVE-2023-51446 [email protected] [email protected] [email protected] |
goauthentik — authentik | Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue. | 2024-01-30 | 6.5 | CVE-2024-23647 [email protected] [email protected] |
goreleaser — goreleaser | GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release –debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0. | 2024-01-30 | 5.5 | CVE-2024-23840 [email protected] [email protected] |
gvectors_team — comments_wpdiscuz | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS. This issue affects Comments – wpDiscuz: from n/a through 7.6.12. | 2024-02-01 | 5.9 | CVE-2023-51691 [email protected] |
harmonic_design — hd_quiz | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Harmonic Design HD Quiz allows Stored XSS. This issue affects HD Quiz: from n/a through 1.8.11. | 2024-01-31 | 5.9 | CVE-2024-22161 [email protected] |
hcl_software — bigfix_platform | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | 2024-02-03 | 6.5 | CVE-2023-37528 [email protected] |
hcl_software — bigfix_platform | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | 2024-02-02 | 5.4 | CVE-2023-37527 [email protected] |
hcl_software — bigfix_servicenow_data_flow | HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | 2024-01-30 | 6.4 | CVE-2023-37518 [email protected] |
hcl_software — launch_devops_deploy | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | 2024-02-03 | 6.2 | CVE-2024-23550 [email protected] |
hometory — mang_board_wp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hometory Mang Board WP allows Stored XSS. This issue affects Mang Board WP: from n/a through 1.7.7. | 2024-01-31 | 5.9 | CVE-2024-22306 [email protected] |
honeywell — controledge_uoc | An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-01-31 | 5.3 | CVE-2023-5390 [email protected] [email protected] |
humansignal — label_studio | Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio’s SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack. | 2024-01-31 | 5.3 | CVE-2023-47116 [email protected] [email protected] [email protected] |
ibm — aspera_faspex | IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. | 2024-02-02 | 4.8 | CVE-2022-40744 [email protected] [email protected] |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | 2024-02-02 | 6.5 | CVE-2023-32333 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | 2024-02-02 | 6.1 | CVE-2023-50933 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. | 2024-02-02 | 6.5 | CVE-2023-50935 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. | 2024-02-02 | 5.3 | CVE-2023-50327 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | 2024-02-02 | 5.3 | CVE-2023-50328 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. | 2024-02-02 | 5.3 | CVE-2023-50934 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131. | 2024-02-02 | 5.4 | CVE-2023-50941 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. | 2024-02-02 | 4.3 | CVE-2023-50938 [email protected] [email protected] |
ibm — powersc | IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the “HTTP Strict Transport Security” (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | 2024-02-02 | 5.9 | CVE-2023-50962 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | 2024-02-03 | 6.2 | CVE-2023-31005 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776. | 2024-02-03 | 6.5 | CVE-2023-31006 [email protected] [email protected] |
ibm — security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. | 2024-02-03 | 6.2 | CVE-2023-32329 [email protected] [email protected] |
ibm — soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. | 2024-02-02 | 6.5 | CVE-2023-38263 [email protected] [email protected] |
ibm — soar_qradar_plugin_app | IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | 2024-02-02 | 4.3 | CVE-2023-38020 [email protected] [email protected] |
ibm — storage_protect_plus_server | IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | 2024-02-02 | 5.3 | CVE-2023-47148 [email protected] [email protected] |
ibm — tivoli_application_dependency_discovery_manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. | 2024-02-02 | 6.1 | CVE-2023-47144 [email protected] [email protected] |
ignazio_scimone — albo_pretorio_on_line | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6. | 2024-01-31 | 6.5 | CVE-2024-22302 [email protected] |
infornweb — posts_list_designer_by_category_list_category_posts_or_recent_posts | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS. This issue affects Posts List Designer by Category – List Category Posts Or Recent Posts: from n/a through 3.3.2. | 2024-01-31 | 6.5 | CVE-2024-23502 [email protected] |
instawp — instawp_connect | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 2024-01-27 | 6.5 | CVE-2024-23506 [email protected] |
itop — vpn | A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 5.5 | CVE-2024-1195 [email protected] [email protected] [email protected] |
jhayghost — ideal_interactive_map | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4. | 2024-02-01 | 5.4 | CVE-2023-52189 [email protected] |
joomunited — wp-smart_editor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3. | 2024-02-01 | 6.1 | CVE-2024-22148 [email protected] |
keap — keap_official_opt-in_forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11. | 2024-02-01 | 6.5 | CVE-2023-52192 [email protected] |
lamassu — bitcoin_atm_douro_machines | Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js. | 2024-01-30 | 6.3 | CVE-2024-0674 [email protected] |
lamassu — bitcoin_atm_douro_machines | Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user. | 2024-01-30 | 6.3 | CVE-2024-0675 [email protected] |
lamassu — bitcoin_atm_douro_machines | Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack. | 2024-01-30 | 5.6 | CVE-2024-0676 [email protected] |
lightcms_project — lightcms | LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management – Articles field. | 2024-01-29 | 5.4 | CVE-2024-22559 [email protected] |
linecorp — line | An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48126 [email protected] |
linecorp — line | An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48127 [email protected] |
linecorp — line | An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48128 [email protected] |
linecorp — line | An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48129 [email protected] |
linecorp — line | An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48130 [email protected] |
linecorp — line | An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48131 [email protected] |
linecorp — line | An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48132 [email protected] |
linecorp — line | An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48133 [email protected] |
linecorp — line | An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | 5.4 | CVE-2023-48135 [email protected] |
linux — glibc | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. | 2024-01-31 | 5.3 | CVE-2023-6780 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
linux — kernel | Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server – including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2. | 2024-01-29 | 5.5 | CVE-2023-4552 [email protected] |
linux — kernel | A flaw was found in the Linux kernel’s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is “max page sharing=256”, it is possible for the attacker to time the unmap to merge with the victim’s page. The unmapping time depends on whether it merges with the victim’s page and additional physical pages are created beyond the KSM’s “max page share”. Through these operations, the attacker can leak the victim’s page. | 2024-01-30 | 5.3 | CVE-2024-0564 [email protected] [email protected] [email protected] [email protected] [email protected] |
live_composer_team — page_builder_live_composer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS. This issue affects Page Builder: Live Composer: from n/a through 1.5.23. | 2024-02-01 | 6.5 | CVE-2023-52193 [email protected] |
lj_apps — wp_review_slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LJ Apps WP Review Slider allows Stored XSS. This issue affects WP Review Slider: from n/a through 12.7. | 2024-02-01 | 5.9 | CVE-2023-51685 [email protected] |
lobehub — lobe_chat | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4. | 2024-01-31 | 5.3 | CVE-2024-24566 [email protected] [email protected] |
magazine3 — schema_&_structured_data_for_wp_&_amp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23. | 2024-02-01 | 6.5 | CVE-2023-51677 [email protected] |
magazine3 — schema_&_structured_data_for_wp_&_amp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25. | 2024-01-31 | 6.5 | CVE-2024-22146 [email protected] |
mailcow — mailcow_dockerized | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn’t respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. | 2024-02-02 | 4.7 | CVE-2024-23824 [email protected] [email protected] [email protected] |
markusbegerow — wp-adv-quiz | The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-01-29 | 4.8 | CVE-2023-5956 [email protected] |
math_game — math_game | The ‘Your Name’ field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | 2024-01-29 | 6.1 | CVE-2024-24136 [email protected] |
megabip — megabip | Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability). | 2024-01-29 | 5.4 | CVE-2023-5378 [email protected] [email protected] [email protected] [email protected] |
michael_uno_miunosoft — auto_amazon_links_amazon_associates_affiliate_plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS. This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1. | 2024-02-01 | 6.5 | CVE-2023-52175 [email protected] |
microsoft — edge_chromium | Microsoft Edge for Android Spoofing Vulnerability | 2024-01-26 | 5.3 | CVE-2024-21387 [email protected] |
microsoft — edge_chromium | Microsoft Edge for Android Information Disclosure Vulnerability | 2024-01-26 | 4.3 | CVE-2024-21382 [email protected] |
microsoft — edge_chromium_based | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-30 | 6.5 | CVE-2024-21388 [email protected] |
mitsubishi_electric_corporation — melsec_ws_series_ws0-geth00200 | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules. | 2024-01-30 | 5.9 | CVE-2023-6374 [email protected] [email protected] [email protected] |
moby — buildkit | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources. | 2024-01-31 | 5.3 | CVE-2024-23650 [email protected] [email protected] [email protected] |
moby — moby | Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases. | 2024-02-01 | 6.9 | CVE-2024-24557 [email protected] [email protected] |
naa986 — easy_video_play_plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in naa986 Easy Video Player allows Stored XSS. This issue affects Easy Video Player: from n/a through 1.2.2.10. | 2024-02-01 | 6.5 | CVE-2023-51689 [email protected] |
nahsra — antisamy | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. Patched in AntiSamy 1.7.5 and later. | 2024-02-02 | 6.1 | CVE-2024-23635 [email protected] |
national_keep_cyber_security_services — cybermath | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. | 2024-02-02 | 6.1 | CVE-2023-6673 [email protected] |
national_keep_cyber_security_services — cybermath | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. | 2024-02-02 | 5.4 | CVE-2023-6672 [email protected] |
neil_gee — slicknav_mobile_menu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS. This issue affects SlickNav Mobile Menu: from n/a through 1.9.2. | 2024-02-01 | 5.9 | CVE-2023-51548 [email protected] |
netbox — netbox | A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 6.1 | CVE-2024-0948 [email protected] [email protected] [email protected] |
njtech — greencms | A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2024-01-29 | 5.4 | CVE-2024-22570 [email protected] |
octoprint — octoprint | OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0. | 2024-01-31 | 4.2 | CVE-2024-23637 [email protected] [email protected] [email protected] |
opencryptoki — opencryptoki | A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. | 2024-01-31 | 5.9 | CVE-2024-0914 [email protected] [email protected] [email protected] |
openfga — openfga | OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue. | 2024-01-26 | 6.5 | CVE-2024-23820 [email protected] [email protected] [email protected] |
openharmony — openharmony | in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write. | 2024-02-02 | 4.2 | CVE-2023-45734 [email protected] |
openharmony — openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. | 2024-02-02 | 4.7 | CVE-2024-0285 [email protected] |
openharmony — openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. | 2024-02-02 | 4.7 | CVE-2024-21863 [email protected] |
opensc — opensc | A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. | 2024-01-31 | 5.6 | CVE-2023-5992 [email protected] [email protected] [email protected] |
openssl — openssl | Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | 2024-01-26 | 5.5 | CVE-2024-0727 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
opentext — appbuilder | Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | 2024-01-29 | 5.3 | CVE-2023-4553 [email protected] |
opentext — appbuilder | Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder’s XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | 2024-01-29 | 4.9 | CVE-2023-4554 [email protected] |
otrs — otrs | When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. | 2024-01-29 | 6.5 | CVE-2024-23792 [email protected] |
palantir — blackbird-witchcraft | Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system. | 2024-01-29 | 6.5 | CVE-2023-30970 [email protected] |
peepso — community_by_peepso_social_network_membership_registration_user_profiles | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0. | 2024-01-31 | 6.5 | CVE-2024-22158 [email protected] |
pegasystems — pega_platform | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | 2024-01-31 | 6.1 | CVE-2023-50166 [email protected] |
pickplugins — related_post | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Related Post allows Stored XSS. This issue affects Related Post: from n/a through 2.0.53. | 2024-02-01 | 6.5 | CVE-2023-51666 [email protected] |
pixee — java_security_toolkit | The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow “escaping” into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2. | 2024-02-01 | 5.4 | CVE-2024-24569 [email protected] [email protected] [email protected] |
pixee — java_security_toolkit | Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. | 2024-02-01 | 4.5 | CVE-2024-0831 [email protected] [email protected] |
plotly — dash_core_components | Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that’s visible to another user who opens that view – not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. | 2024-02-02 | 6.5 | CVE-2024-21485 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
posts_to_page — kerry_james | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Posts to Page Kerry James allows Stored XSS. This issue affects Kerry James: from n/a through 1.7. | 2024-02-01 | 6.5 | CVE-2023-52195 [email protected] |
qiniu — rebuild | A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability. | 2024-01-29 | 6.3 | CVE-2024-1021 [email protected] [email protected] [email protected] |
qiniu — rebuild | A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455. | 2024-01-31 | 4.3 | CVE-2024-1098 [email protected] [email protected] [email protected] |
qnap_systems_inc — photo_station | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later | 2024-02-02 | 5.5 | CVE-2023-47561 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 6.6 | CVE-2023-39302 [email protected] |
qnap_systems_inc — qts | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.3 | CVE-2023-39303 [email protected] |
qnap_systems_inc — qts | A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41273 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41275 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41276 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41277 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41278 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41279 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41280 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41281 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41282 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41283 [email protected] |
qnap_systems_inc — qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-45026 [email protected] |
qnap_systems_inc — qts | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-45027 [email protected] |
qnap_systems_inc — qts | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-45028 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 4.7 | CVE-2023-47567 [email protected] |
qnap_systems_inc — qts | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 5.5 | CVE-2023-41274 [email protected] |
qnap_systems_inc — qutscloud | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later | 2024-02-02 | 5 | CVE-2023-32967 [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 6.7 | CVE-2023-47566 [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | 2024-02-02 | 6.2 | CVE-2024-21869 [email protected] [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | 2024-02-02 | 6.5 | CVE-2024-22096 [email protected] [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | 2024-02-02 | 5.4 | CVE-2024-21794 [email protected] [email protected] |
rapid_software_llc — rapid_scada | In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | 2024-02-02 | 5.3 | CVE-2024-21866 [email protected] [email protected] |
rebic — jspxcms | A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability. | 2024-02-03 | 5.3 | CVE-2024-1200 [email protected] [email protected] [email protected] |
red_hat — multiple_products | A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn’t match the format string used by it, leading to a crash under certain circumstances. | 2024-01-29 | 6.2 | CVE-2023-40546 [email protected] [email protected] |
red_hat — multiple_products | An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. | 2024-01-29 | 6.2 | CVE-2023-40549 [email protected] [email protected] |
red_hat — multiple_products | An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system’s boot phase. | 2024-01-29 | 5.5 | CVE-2023-40550 [email protected] [email protected] |
red_hat — multiple_products | A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system’s boot phase. | 2024-01-29 | 5.1 | CVE-2023-40551 [email protected] [email protected] |
red_hat — multiple_products | A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | 2024-01-29 | 4.9 | CVE-2023-40548 [email protected] [email protected] |
redhat — keycloak | A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | 2024-01-26 | 6.1 | CVE-2023-6291 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
rems — online_food_menu | Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the ‘Menu Name’ and ‘Description’ fields in the Update Menu section. | 2024-01-29 | 4.8 | CVE-2024-24134 [email protected] |
robosoft — photo_gallery_images_slider_in_rbs_image_gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS. This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17. | 2024-01-31 | 5.9 | CVE-2024-22295 [email protected] |
russelljamieson — footer_putter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Russell Jamieson Footer Putter allows Stored XSS. This issue affects Footer Putter: from n/a through 1.17. | 2024-02-01 | 5.4 | CVE-2023-52188 [email protected] |
scribit — shortcodes_finder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5. | 2024-02-01 | 6.1 | CVE-2024-21750 [email protected] |
seo_panel — seo_panel | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | 2024-01-30 | 6.5 | CVE-2024-22643 [email protected] |
seopanel — seo_panel | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | 2024-01-30 | 5.3 | CVE-2024-22646 [email protected] |
seopanel — seo_panel | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | 2024-01-30 | 5.3 | CVE-2024-22647 [email protected] |
seopanel — seo_panel | A Blind SSRF vulnerability exists in the “Crawl Meta Data” functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | 2024-01-30 | 5.3 | CVE-2024-22648 [email protected] |
sew_eurodrive — movitools_motionstudio | When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur. | 2024-02-01 | 5.5 | CVE-2024-1167 [email protected] [email protected] |
shanxi_diankeyun_technology — noderp | A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-29 | 5.3 | CVE-2024-1005 [email protected] [email protected] [email protected] |
shopsite — shopsite | An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 2024-01-26 | 6.1 | CVE-2024-22550 [email protected] |
sni — thruk | Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue. | 2024-01-29 | 5.4 | CVE-2024-23822 [email protected] [email protected] |
softtaculous_ampps — ampps | A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written. | 2024-02-02 | 5.3 | CVE-2024-1189 [email protected] [email protected] [email protected] |
solar — ftp_server | A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability. | 2024-01-29 | 5.3 | CVE-2024-1016 [email protected] [email protected] [email protected] |
sourcecodester — employee_management_system | A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280. | 2024-01-29 | 4.3 | CVE-2024-1011 [email protected] [email protected] [email protected] |
sourcecodester — facebook_news_feed_like | A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300. | 2024-01-30 | 6.3 | CVE-2024-1027 [email protected] [email protected] |
sourcecodester — qr_code_login_system | A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability. | 2024-01-31 | 4.3 | CVE-2024-1111 [email protected] [email protected] |
sourcecodester — testimonial_page_manager | A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. | 2024-02-02 | 4.3 | CVE-2024-1196 [email protected] [email protected] |
spbu_se — spbu_se_site | spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release. | 2024-01-29 | 6.8 | CVE-2024-23826 [email protected] [email protected] |
splunk — splunk_add_on_builder | In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | 2024-01-30 | 6.8 | CVE-2023-46231 [email protected] |
sunlight-cms — sunlight_cms | Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. | 2024-01-27 | 5.4 | CVE-2023-48201 [email protected] |
sunlight-cms — sunlight_cms | Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. | 2024-01-27 | 5.4 | CVE-2023-48202 [email protected] |
superantispyware — superantispyware_pro_x | SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. | 2024-01-29 | 5.8 | CVE-2024-0788 [email protected] [email protected] |
swapnilsahu — stock_management_system | A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203. | 2024-01-27 | 5.4 | CVE-2024-0958 [email protected] [email protected] [email protected] |
synaptics — fingerprint_driver | Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | 2024-01-27 | 5.2 | CVE-2023-6482 [email protected] |
takayuki_miyauchi — oembed_gist | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS. This issue affects oEmbed Gist: from n/a through 4.9.1. | 2024-02-01 | 6.5 | CVE-2023-52194 [email protected] |
theme-junkie — tj_shortcodes | The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-01-29 | 5.4 | CVE-2023-6530 [email protected] [email protected] |
themify_icons — themify_icons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.1. | 2024-02-01 | 6.5 | CVE-2023-51693 [email protected] |
torbjon — infogram_add_charts_maps_and_infographics | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS. This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1. | 2024-02-01 | 6.5 | CVE-2023-52191 [email protected] |
totolink — n200re-v5_firmware | A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.3 | CVE-2024-0942 [email protected] [email protected] [email protected] [email protected] |
totolink — n350rt_firmware | A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 6.5 | CVE-2024-0943 [email protected] [email protected] [email protected] |
totolink — t8_firmware | A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 5.3 | CVE-2024-0944 [email protected] [email protected] [email protected] |
upstream — upstream | A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. | 2024-02-01 | 5.5 | CVE-2024-1141 [email protected] [email protected] |
ushainformatique — whatacart | WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | 2024-01-26 | 6.1 | CVE-2024-22551 [email protected] |
vantage6 — vantage6 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability. | 2024-01-30 | 6.5 | CVE-2024-21653 [email protected] [email protected] |
virusblokada — vba32_antivirus | Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | 2024-01-29 | 5.5 | CVE-2024-23441 [email protected] [email protected] |
vyperlang — vyper | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions. | 2024-01-30 | 4.8 | CVE-2024-24567 [email protected] [email protected] |
wanhu — ezoffice | A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability. | 2024-01-31 | 6.3 | CVE-2024-1012 [email protected] [email protected] [email protected] |
willyxj — facilemanager | facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql variable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable. | 2024-01-31 | 6.5 | CVE-2024-24572 [email protected] [email protected] |
willyxj — facilemanager | facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation. | 2024-01-31 | 5.4 | CVE-2024-24571 [email protected] [email protected] |
wordpress — wordpress | The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘userpro’ shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-31 | 6.4 | CVE-2023-2439 [email protected] [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19. | 2024-02-01 | 6.5 | CVE-2023-51532 [email protected] |
wordpress — wordpress | The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-01-29 | 6.1 | CVE-2023-6278 [email protected] |
wordpress — wordpress | The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the “wptbto” parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | 2024-01-29 | 6.1 | CVE-2023-6389 [email protected] [email protected] |
wordpress — wordpress | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘advanced_iframe’ shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-01 | 6.4 | CVE-2023-7069 [email protected] [email protected] |
wordpress — wordpress | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-30 | 6.4 | CVE-2023-7225 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Cloudflare WordPress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. | 2024-01-29 | 6.5 | CVE-2024-0212 [email protected] [email protected] |
wordpress — wordpress | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the ‘execute’ function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the ‘BoosterController’ class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-27 | 6.3 | CVE-2024-0667 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied ‘location’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 6.4 | CVE-2024-0963 [email protected] [email protected] [email protected] |
wordpress — wordpress | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filter_array’ parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-02 | 6.4 | CVE-2024-1073 [email protected] [email protected] [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1. | 2024-01-31 | 6.5 | CVE-2024-22150 [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0. | 2024-02-01 | 5.5 | CVE-2023-51506 [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. | 2024-02-01 | 5.9 | CVE-2023-51536 [email protected] |
wordpress — wordpress | The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitization as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2024-01-29 | 5.4 | CVE-2023-6503 [email protected] [email protected] |
wordpress — wordpress | The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 2024-01-29 | 5.4 | CVE-2023-7089 [email protected] |
wordpress — wordpress | The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | 2024-01-29 | 5.3 | CVE-2023-7199 [email protected] [email protected] |
wordpress — wordpress | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export. | 2024-02-02 | 5.9 | CVE-2024-0685 [email protected] [email protected] |
wordpress — wordpress | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-27 | 5.4 | CVE-2024-0824 [email protected] [email protected] |
wordpress — wordpress | The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-03 | 5.4 | CVE-2024-0895 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content. | 2024-02-03 | 5.3 | CVE-2024-0909 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | 2024-02-02 | 5.3 | CVE-2024-1047 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2024-01-29 | 4.8 | CVE-2023-5943 [email protected] |
wordpress — wordpress | The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-01-29 | 4.8 | CVE-2023-6165 [email protected] [email protected] |
wordpress — wordpress | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.8 | CVE-2023-6497 [email protected] [email protected] |
wordpress — wordpress | The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks | 2024-01-29 | 4.3 | CVE-2023-6633 [email protected] |
wordpress — wordpress | The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.8 | CVE-2024-0618 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.8 | CVE-2024-0664 [email protected] [email protected] |
wordpress — wordpress | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-01-27 | 4.9 | CVE-2024-0697 [email protected] [email protected] |
wordpress — wordpress | The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews. | 2024-01-31 | 4.3 | CVE-2024-0836 [email protected] [email protected] |
wordpress — wordpress | The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with “Form.php” on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-02-02 | 4.7 | CVE-2024-0844 [email protected] [email protected] |
wordpress — wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-02-02 | 4.3 | CVE-2024-1162 [email protected] [email protected] |
wp_event_manager — wp_user_profile_avatar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS. This issue affects WP User Profile Avatar: from n/a through 1.0. | 2024-02-01 | 6.5 | CVE-2023-52118 [email protected] |
wpdevelop_oplugins — wp_booking_calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS. This issue affects WP Booking Calendar: from n/a before 9.7.4. | 2024-02-01 | 6.5 | CVE-2023-51520 [email protected] |
wpeverest — everest_forms_build_contact_forms_surveys_polls_application_forms_and_more_with_ease | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1. | 2024-02-01 | 5.9 | CVE-2023-51695 [email protected] |
zscaler — zia | In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello’s Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | 2024-01-31 | 5.1 | CVE-2023-28807 [email protected] [email protected] |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
armcode — alienip | A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1194 [email protected] [email protected] [email protected] |
brefphp — bref | Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13. | 2024-02-01 | 3.7 | CVE-2024-24754 [email protected] [email protected] |
codeastro — expense_management_system | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304. | 2024-01-30 | 3.5 | CVE-2024-1031 [email protected] [email protected] [email protected] |
codeastro — real_estate_management_system | A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input <img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability. | 2024-01-31 | 3.5 | CVE-2024-1103 [email protected] [email protected] [email protected] |
codeastro — simple_student_result_management_system | A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291. | 2024-01-29 | 2.4 | CVE-2024-1022 [email protected] [email protected] [email protected] |
cogites — ereserv | A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303. | 2024-01-30 | 3.5 | CVE-2024-1030 [email protected] [email protected] |
eset,_spol._s.r.o. — multiple_products | Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. | 2024-01-31 | 3.3 | CVE-2023-7043 [email protected] |
global_scape — cuteftp | A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1190 [email protected] [email protected] [email protected] |
hcl_software — bigfix_platform | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | 2024-02-02 | 3 | CVE-2024-23553 [email protected] |
helix — sync | In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | 2024-02-01 | 3.6 | CVE-2024-0325 [email protected] |
ibm — storage_ceph | IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | 2024-02-02 | 2.6 | CVE-2023-46159 [email protected] [email protected] |
linux — kernel | Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. | 2024-01-30 | 3.5 | CVE-2024-21803 [email protected] |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-01-26 | 3.3 | CVE-2024-21383 [email protected] |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-01-26 | 2.5 | CVE-2024-21336 [email protected] |
munsoft — easy_archive_recovery | A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1186 [email protected] [email protected] [email protected] [email protected] |
munsoft — easy_outlook_express_recovery | A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1187 [email protected] [email protected] [email protected] |
navicat — navicat | A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1193 [email protected] [email protected] [email protected] |
nsasoft — nbmonitor_network_bandwidth_monitor | A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1185 [email protected] [email protected] [email protected] |
nsasoft — network_sleuth | A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1184 [email protected] [email protected] [email protected] |
openharmony — openharmony | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. | 2024-02-02 | 2.9 | CVE-2023-43756 [email protected] |
openharmony — openharmony | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. | 2024-02-02 | 2.9 | CVE-2023-49118 [email protected] |
openharmony — openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. | 2024-02-02 | 2.9 | CVE-2024-21845 [email protected] |
openharmony — openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. | 2024-02-02 | 2.9 | CVE-2024-21851 [email protected] |
palantir — foundry_slate | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants. | 2024-01-29 | 3.5 | CVE-2023-22836 [email protected] |
pbootcms — pbootcms | A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288. | 2024-01-29 | 2.4 | CVE-2024-1018 [email protected] [email protected] [email protected] |
qiniu — rebuild | A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability. | 2024-01-29 | 3.5 | CVE-2024-1020 [email protected] [email protected] [email protected] |
qiniu — rebuild | A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252456. | 2024-01-31 | 3.5 | CVE-2024-1099 [email protected] [email protected] [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 3.8 | CVE-2023-41292 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 3.8 | CVE-2023-45035 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 3.8 | CVE-2023-45036 [email protected] |
qnap_systems_inc — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later | 2024-02-02 | 3.8 | CVE-2023-45037 [email protected] |
qnap_systems_inc — qts | An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later | 2024-02-02 | 3.4 | CVE-2023-50359 [email protected] |
rizone_soft — notepad3 | A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-02 | 3.3 | CVE-2024-1188 [email protected] [email protected] [email protected] |
sourcecodester — crud_without_page_reload | A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability. | 2024-02-03 | 3.5 | CVE-2024-1215 [email protected] [email protected] [email protected] |
sourcecodester — employee_management_system | A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279. | 2024-01-29 | 3.5 | CVE-2024-1010 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — facebook_news_feed_like | A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292. | 2024-01-30 | 3.5 | CVE-2024-1024 [email protected] [email protected] |
sourcecodester — facebook_news_feed_like | A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input <marquee>HACKED</marquee> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability. | 2024-01-30 | 3.5 | CVE-2024-1028 [email protected] [email protected] |
spring — spring_cloud_contract | In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | 2024-01-31 | 3.3 | CVE-2024-22236 [email protected] |
vantage6 — vantage6 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability. | 2024-01-30 | 3.7 | CVE-2024-21671 [email protected] [email protected] |
vantage6 — vantage6 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | 2024-01-30 | 3.5 | CVE-2024-22193 [email protected] [email protected] |
vantage6 — vantage6_ui | vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0. | 2024-01-30 | 3.3 | CVE-2024-22200 [email protected] [email protected] |
vyperlang — vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value’s length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned. | 2024-02-02 | 3.7 | CVE-2024-24560 [email protected] |
wordpress — wordpress | TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance’s metadata REST API. If the instance’s configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5. | 2024-01-30 | 3 | CVE-2024-23825 [email protected] [email protected] |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
academy_software_foundation — openexr | Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. | 2024-02-01 | not yet calculated | CVE-2023-5841 [email protected] |
ait-deutschland — alpha_innotec_heatpumps | An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps wp2reg-V.3.88.0-9015, allows remote attackers to execute arbitrary code via the password component in the shadow file. | 2024-01-30 | not yet calculated | CVE-2024-22894 [email protected] [email protected] |
android — mercari | Improper authorization in handler for custom URL scheme issue in “Mercari” App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2024-01-26 | not yet calculated | CVE-2024-23388 [email protected] |
aprktool — aprktool | Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | 2024-02-02 | not yet calculated | CVE-2024-24482 [email protected] |
archibus — archibus | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database. | 2024-02-02 | not yet calculated | CVE-2023-48645 [email protected] |
before_beetl — before_beetl | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | 2024-02-02 | not yet calculated | CVE-2024-22533 [email protected] |
blurams — lumi_security_camera | An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. | 2024-02-02 | not yet calculated | CVE-2023-50488 [email protected] [email protected] |
blurams — lumi_security_camera | An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | 2024-02-02 | not yet calculated | CVE-2023-51820 [email protected] [email protected] |
buffalo — ls210d | Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. | 2024-01-29 | not yet calculated | CVE-2023-49038 [email protected] |
connectwise — screenconnect | ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings | 2024-02-01 | not yet calculated | CVE-2023-47256 [email protected] |
connectwise — screenconnect | ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | 2024-02-01 | not yet calculated | CVE-2023-47257 [email protected] |
craft_cms — craft_cms | Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation. | 2024-01-30 | not yet calculated | CVE-2023-36259 [email protected] [email protected] |
craft_cms — craft_cms | An issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected. | 2024-01-30 | not yet calculated | CVE-2023-36260 [email protected] [email protected] |
cratedb — cratedb | CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity. (https://github.com/crate/crate/issues/15231) | 2024-01-30 | not yet calculated | CVE-2023-51982 [email protected] |
curl — curl | curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | 2024-02-03 | not yet calculated | CVE-2024-0853 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
curl — multiple_curl_products | tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain an off-by-one out-of-bounds array index via the component tool_cb_wrt. | 2024-01-30 | not yet calculated | CVE-2023-52071 [email protected] [email protected] |
dataq — datalogger_web | An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive information via a crafted request. | 2024-02-01 | not yet calculated | CVE-2023-37621 [email protected] |
devicefarmer — devicefarmer_stf | DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 2024-01-29 | not yet calculated | CVE-2023-51839 [email protected] [email protected] [email protected] |
duckdb — duckdb | DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature. | 2024-01-30 | not yet calculated | CVE-2024-22682 [email protected] |
fluisty — fluisty-cms | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | 2024-02-02 | not yet calculated | CVE-2024-24470 [email protected] |
fluisty — fluisty-cms | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | 2024-02-02 | not yet calculated | CVE-2024-24524 [email protected] |
google — chrome | Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-30 | not yet calculated | CVE-2024-1059 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-30 | not yet calculated | CVE-2024-1060 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | 2024-01-30 | not yet calculated | CVE-2024-1077 [email protected] [email protected] [email protected] [email protected] |
graphviz — graphvix | Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. | 2024-02-02 | not yet calculated | CVE-2023-46045 [email protected] [email protected] [email protected] |
group_office — group_office | Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 2024-02-01 | not yet calculated | CVE-2024-23941 [email protected] [email protected] [email protected] |
gtb_technologies — gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform. | 2024-02-02 | not yet calculated | CVE-2024-22107 [email protected] [email protected] |
gtb_technologies — gtb_central_console | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value. | 2024-02-02 | not yet calculated | CVE-2024-22108 [email protected] [email protected] |
jfinalcms — jfinalcms | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | 2024-02-02 | not yet calculated | CVE-2024-24029 [email protected] |
kddi_corporation — home_spot_cube2 | Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported. | 2024-02-02 | not yet calculated | CVE-2024-21780 [email protected] [email protected] |
kddi_corporation — home_spot_cube2 | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. | 2024-02-02 | not yet calculated | CVE-2024-23978 [email protected] [email protected] |
line_corporation — central_dogma | Central Dogma versions prior to 0.64.0 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | 2024-02-02 | not yet calculated | CVE-2024-1143 [email protected] |
liveconfig — liveconfig | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | 2024-02-02 | not yet calculated | CVE-2024-22851 [email protected] |
livewire — livewire | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. | 2024-02-01 | not yet calculated | CVE-2024-22859 [email protected] |
logpoint — logpoint_siem | The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | 2024-02-03 | not yet calculated | CVE-2023-49950 [email protected] [email protected] |
madewithreact — react-dashboard | react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set. | 2024-01-30 | not yet calculated | CVE-2023-51843 [email protected] [email protected] [email protected] |
mbed_tls — mbed_tls | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in “Everlasting ROBOT: the Marvin Attack” by Hubert Kario. | 2024-01-31 | not yet calculated | CVE-2024-23170 [email protected] |
mbed_tls — mbed_tls | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). | 2024-01-31 | not yet calculated | CVE-2024-23775 [email protected] |
miro — miro_desktop | Miro Desktop 0.8.18 on macOS allows Electron code injection. | 2024-02-02 | not yet calculated | CVE-2024-23746 [email protected] [email protected] [email protected] |
mr_cms — mr_cms | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. | 2024-02-02 | not yet calculated | CVE-2024-24160 [email protected] |
mr_cms — mr_cms | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | 2024-02-02 | not yet calculated | CVE-2024-24161 [email protected] |
nagios_xi — noc | A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | 2024-02-02 | not yet calculated | CVE-2023-51072 [email protected] |
notion — web_clipper | In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application’s context. | 2024-01-31 | not yet calculated | CVE-2024-23745 [email protected] |
objectplanet — opinio | Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application. | 2024-02-01 | not yet calculated | CVE-2023-4472 [email protected] [email protected] |
open_robotics — ros_2_foxy_fitzroy | An issue discovered in shell command execution in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows an attacker to run arbitrary commands and cause other impacts. | 2024-01-30 | not yet calculated | CVE-2023-51197 [email protected] |
open_robotics — ros_2_foxy_fitzroy | An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges. | 2024-01-30 | not yet calculated | CVE-2023-51198 [email protected] |
open_robotics — ros_2_foxy_fitzroy | OS command injection vulnerability in command processing or system call componentsROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary commands. | 2024-01-30 | not yet calculated | CVE-2023-51202 [email protected] |
open_robotics — ros_2_foxy_fitzroy | Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary code via a crafted input. | 2024-01-30 | not yet calculated | CVE-2023-51204 [email protected] |
poco — poco | UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. | 2024-01-27 | not yet calculated | CVE-2023-52389 [email protected] [email protected] [email protected] |
poscms — poscms | Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | 2024-01-31 | not yet calculated | CVE-2024-22569 [email protected] |
qiyu — ifair | Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component. | 2024-01-30 | not yet calculated | CVE-2024-22523 [email protected] |
relic — relic_toolkit | An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | 2024-02-01 | not yet calculated | CVE-2023-51939 [email protected] [email protected] [email protected] |
reprise_software — reprise_license_manager | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | 2024-02-03 | not yet calculated | CVE-2023-43183 [email protected] [email protected] |
reprise_software — reprise_license_manager | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | 2024-02-03 | not yet calculated | CVE-2023-44031 [email protected] [email protected] |
schlix — schlix_cms | An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file. | 2024-01-31 | not yet calculated | CVE-2023-31505 [email protected] |
simplesite — payment_ex | Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX. | 2024-02-01 | not yet calculated | CVE-2024-24548 [email protected] |
softing — th_scope | Softing TH SCOPE through 3.70 allows XSS. | 2024-01-30 | not yet calculated | CVE-2023-37571 [email protected] [email protected] |
software_fx — chart_fx | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | 2024-02-02 | not yet calculated | CVE-2023-39611 [email protected] |
solar-og — base_15 | A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. | 2024-02-02 | not yet calculated | CVE-2023-46344 [email protected] [email protected] |
sourcecodester — product_inventory | Product Name and Product Code in the ‘Add Product’ section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | 2024-01-29 | not yet calculated | CVE-2024-24135 [email protected] |
sourcecodester– free_open-source_inventory_management_system | Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. | 2024-01-30 | not yet calculated | CVE-2023-51813 [email protected] |
sparx_systems — enterprise_architect | SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box. | 2024-01-31 | not yet calculated | CVE-2022-47072 [email protected] |
travel_journal — source_code | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php. | 2024-02-01 | not yet calculated | CVE-2024-24041 [email protected] [email protected] |
travel_journal — source_code | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php. | 2024-02-01 | not yet calculated | CVE-2024-24945 [email protected] [email protected] |
trend_micro,_inc — security_consumer_uiairsupport | Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | 2024-01-29 | not yet calculated | CVE-2024-23940 [email protected] [email protected] [email protected] |
truelayer — truelayer-dotnet | TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected. | 2024-01-30 | not yet calculated | CVE-2024-23838 [email protected] [email protected] |
vinchin — backup_&_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | 2024-02-02 | not yet calculated | CVE-2024-22899 [email protected] [email protected] [email protected] |
vinchin — backup_&_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | 2024-02-02 | not yet calculated | CVE-2024-22900 [email protected] [email protected] [email protected] |
vinchin — backup_&_recovery | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 2024-02-02 | not yet calculated | CVE-2024-22901 [email protected] [email protected] [email protected] |
vinchin — backup_&_recovery | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 2024-02-02 | not yet calculated | CVE-2024-22902 [email protected] [email protected] [email protected] [email protected] |
vinchin — backup_&_recovery | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | 2024-02-02 | not yet calculated | CVE-2024-22903 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn’t prevent attackers with administrator privileges from inserting malicious JavaScript inside a post’s header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. | 2024-01-29 | not yet calculated | CVE-2023-5124 [email protected] |
wordpress — wordpress | The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-01-29 | not yet calculated | CVE-2023-7200 [email protected] |
wordpress — wordpress | The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides | 2024-01-29 | not yet calculated | CVE-2023-7204 [email protected] |
xunruicms — xunruicms | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | 2024-02-02 | not yet calculated | CVE-2024-24388 [email protected] |
ylianst — meshcentral | Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | 2024-01-30 | not yet calculated | CVE-2023-51837 [email protected] [email protected] [email protected] |
ylianst — meshcentral | An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. | 2024-01-29 | not yet calculated | CVE-2023-51842 [email protected] [email protected] [email protected] |
ylianst — meshcentral | Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | 2024-02-02 | not yet calculated | CVE-2023-51838 [email protected] [email protected] [email protected] |
zoho — manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | 2024-02-02 | not yet calculated | CVE-2023-48792 [email protected] [email protected] |
zoho — manageengine_adaudit_plus | Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 2024-02-02 | not yet calculated | CVE-2023-48793 [email protected] [email protected] |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.